What term describes predefined, step-by-step procedures that security orchestration platforms execute automatically to reduce MTTR?

The concept being tested is automated, predefined workflows. Runbooks are the exact, step-by-step procedures that a security orchestration platform can execute autonomously to handle incidents, contain threats, collect evidence, and remediate, all aimed at reducing MTTR. They specify the precise actions, data to gather, and how to respond, so the system can run them without waiting for human input. A playbook, while related, is more of a plan or guide for response actions and can include manual steps; it’s not necessarily the automated script that runs inside the platform. Checklists are simply tasks to verify or perform, not automated workflows, and SOPs describe general standard operating procedures for operations, not the automated incident-response workflows. So the best fit is runbooks.